/HackSql

PowerShell: Take sysadmin of most local SQL Server instances without a restart

Primary language: PowerShell. License: Other (NOASSERTION)

HackSql PowerShell Module by Cody Konior

There is no logo yet.

Read the CHANGELOG

Description

Before PowerSploit was released there was a script that could be used to run a script with the privileges of an arbitrary user. I turned that into a module and added functionality to execute under whatever service account SQL Server was using. This allowed you (if you had Administrator access to the Windows machine) to add an arbitrary login as sysadmin within the engine.

Installation

  • Install-Module HackSql

Major functions

  • Start-HackSql

Tips

  • This will work even if the Administrators group does not have access within SQL Server, but it will not work if the service account's own access, or similar access (e.g. NT SERVICE\MSSQLSERVER), has been removed from SQL Server itself. Removing that access is commonly used to lock down SQL Server in some applications.
  • It requires some tweaking for Failover Clusters to extract network names rather than assuming the local computer name is the right one to use.
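
To check which side of the first tip an instance falls on, the following added example (not part of HackSql or written by its author) lists the direct members of the sysadmin role and flags service identities among them. The function name `Get-SysadminFinding`, the `CONTOSO\...` names and the sample rows are assumptions constructed for illustration; on a real instance, feed the function the rows returned by the query.

```powershell
# Added example, not part of HackSql. Sample rows below are constructed.
# T-SQL listing direct members of the sysadmin role. Run it with any client, e.g.
#   Invoke-Sqlcmd -ServerInstance . -Query $SysadminQuery   (SqlServer module)
$SysadminQuery = @'
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE r.name = N'sysadmin';
'@

function Get-SysadminFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Member,
        # Extra service identities to flag, e.g. a domain service account.
        [string[]] $ServiceAccount = @()
    )
    foreach ($m in $Member) {
        $enabled   = -not [bool]$m.is_disabled
        # Matches NT SERVICE\MSSQLSERVER and named-instance service SIDs alike.
        $isService = ($m.name -like 'NT SERVICE\*') -or ($ServiceAccount -contains $m.name)
        if (-not $enabled)  { $finding = 'Disabled login' }
        elseif ($isService) { $finding = 'Service identity holds sysadmin' }
        elseif ($m.name -eq 'BUILTIN\Administrators') { $finding = 'Local Administrators group holds sysadmin' }
        else                { $finding = 'Review: is this membership expected?' }
        [pscustomobject]@{ Login = $m.name; Type = $m.type_desc; Enabled = $enabled; Finding = $finding }
    }
}

# Constructed sample in the shape the query returns.
$sample = @(
    [pscustomobject]@{ name = 'sa';                        type_desc = 'SQL_LOGIN';     is_disabled = $true }
    [pscustomobject]@{ name = 'NT SERVICE\MSSQLSERVER';    type_desc = 'WINDOWS_LOGIN'; is_disabled = $false }
    [pscustomobject]@{ name = 'NT SERVICE\SQLSERVERAGENT'; type_desc = 'WINDOWS_LOGIN'; is_disabled = $false }
    [pscustomobject]@{ name = 'CONTOSO\dba-team';          type_desc = 'WINDOWS_GROUP'; is_disabled = $false }
)

$report = Get-SysadminFinding -Member $sample -ServiceAccount 'CONTOSO\svc-sql'
$report | Format-Table -AutoSize

# Only direct role members are covered; access granted through Windows group
# membership or other server-level permissions is not resolved here.
$exposed = @($report | Where-Object { $_.Finding -eq 'Service identity holds sysadmin' })
"Enabled service identities with sysadmin: $($exposed.Count)"
```

Running the same audit on a schedule and comparing the output with the previous run shows when a login has been added to sysadmin.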